Mark Johnston [Sun, 19 Sep 2021 17:45:09 +0000 (13:45 -0400)]
freebsd32: Fix a double copyin in sendmsg() and recvmsg()
freebsd32_sendmsg() and freebsd32_recvmsg() both copyin the message
header twice, once directly and once in freebsd32_copyinmsghdr(). The
iovec length from the former is used when copying in msg_iov, but the
rest of the kernel uses the iovec length from the latter. When
kern_sendit() and kern_recvit() iterate over the iovec to compute the
residual for I/O, they can therefore end up walking past the end of the
copied in iovec, either resulting in a system call error, userspace
memory corruption from uiomove() with invalid iovecs, or a kernel page
fault if the copied-in iovec is followed by an unmapped KVA region.
Reported by: syzbot+7cc64cd0c49605acd421@syzkaller.appspotmail.com
Reviewed by: kib, emaste
Sponsored by: The FreeBSD Foundation
Wenzhuo Lu [Fri, 16 Oct 2015 02:51:03 +0000 (10:51 +0800)]
e1000: prevent ULP flow if cable connected
Enabling ulp on link down when cable is connect caused an infinite
loop of linkup/down indications in the NDIS driver.
After discussed, correct flow is to enable ULP only when cable is
disconnected.
During LTO build compiler reports some 'false positive' warnings about
variables being possibly used uninitialized. This patch silences these
warnings.
Exemplary compiler warning to suppress (with LTO enabled):
error: 'link' may be used uninitialized in this function
[-Werror=maybe-uninitialized]
if (link) {
Yong Wang [Tue, 21 Feb 2017 09:33:23 +0000 (04:33 -0500)]
e1000: fix multicast setting in VF
In function e1000_update_mc_addr_list_vf(), "msgbuf[0]" is used prior
to initialization at "msgbuf[0] |= E1000_VF_SET_MULTICAST_OVERFLOW".
And "msgbuf[0]" is overwritten at "msgbuf[0] = E1000_VF_SET_MULTICAST".
Fix it by moving the second line prior to the first one that mentioned
above.
Fixes: dffbaf7880a8 ("e1000: revert fix for multicast in VF") Cc: stable@dpdk.org Signed-off-by: Yong Wang <wang.yong19@zte.com.cn> Acked-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
Approved by: imp
Obtained from: DPDK (f58ca2f9ef6)
MFC after: 1 week
Guinan Sun [Mon, 6 Jul 2020 08:12:09 +0000 (08:12 +0000)]
e1000: increase timeout for ME ULP exit
Due timing issues in WHL and since recovery by host is
not always supported, increased timeout for Manageability Engine(ME)
to finish Ultra Low Power(ULP) exit flow for Nahum before timer expiration.
Guinan Sun [Mon, 6 Jul 2020 08:12:08 +0000 (08:12 +0000)]
e1000: add missing register defines
Added defines for the EEC, SHADOWINF and FLFWUPDATE registers needed for
the nvmupd_validate_offset function to correctly validate the NVM update
offset.
Guinan Sun [Mon, 6 Jul 2020 08:12:05 +0000 (08:12 +0000)]
e1000: remove duplicated phy codes
Add two files base.c and base.h to reduce the redundancy
in the silicon family code.
Remove the code duplication from e1000_82575 files.
Clean family specific functions from base.
Fix up a stray and duplicate function declaration.
Guinan Sun [Mon, 6 Jul 2020 08:12:03 +0000 (08:12 +0000)]
e1000: fix minor issues and improve code style
Fix typo in piece of code of NVM access for SPT.
And cleans up the remaining instances in the shared code
where it was not adhering to the Linux code standard.
Wrong description was found in the mentioned file, so fix them.
Remove shadowing variable declarations.
Relating to operands in bitwise operations having different sizes.
Unreachable code since *clock_in_i2c_* always return success.
Don't return unused s32 and don't check for constants.
Alex Richardson [Tue, 19 Jan 2021 11:35:07 +0000 (11:35 +0000)]
usr.bin/grep: Fix Address OOB read error
I found this when compiling all the bootstrap tools with -fsanitize=addres:
==65590==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d000008400 at pc 0x000000473053 bp 0x7ffc1c7dd910 sp 0x7ffc1c7dd0b8
READ of size 32769 at 0x62d000008400 thread T0
#0 0x473052 in regexec (/local/scratch/alr48/cheri/build/freebsd-amd64-build/local/scratch/alr48/cheri/freebsd/amd64.amd64/tmp/legacy/bin/grep+0x473052)
#1 0x4c9cf3 in procline /local/scratch/alr48/cheri/freebsd/usr.bin/grep/util.c:539:8
#2 0x4c8687 in procfile /local/scratch/alr48/cheri/freebsd/usr.bin/grep/util.c:379:18
#3 0x4c6596 in main /local/scratch/alr48/cheri/freebsd/usr.bin/grep/grep.c:714:8
0x62d000008400 is located 0 bytes to the right of 32768-byte region [0x62d000000400,0x62d000008400)
allocated by thread T0 here:
#0 0x493d5d in malloc (/local/scratch/alr48/cheri/build/freebsd-amd64-build/local/scratch/alr48/cheri/freebsd/amd64.amd64/tmp/legacy/bin/grep+0x493d5d)
#1 0x4cad75 in grep_malloc /local/scratch/alr48/cheri/freebsd/usr.bin/grep/util.c:656:13
#2 0x4c8129 in procfile /local/scratch/alr48/cheri/freebsd/usr.bin/grep/util.c
#3 0x4c6596 in main /local/scratch/alr48/cheri/freebsd/usr.bin/grep/grep.c:714:8
SUMMARY: AddressSanitizer: heap-buffer-overflow (/local/scratch/alr48/cheri/build/freebsd-amd64-build/local/scratch/alr48/cheri/freebsd/amd64.amd64/tmp/legacy/bin/grep+0x473052) in regexec
Ed Maste [Fri, 17 Sep 2021 13:59:41 +0000 (09:59 -0400)]
readelf: document that -u / --unwind is not yet implemented
ELF tool chain readelf accepts -u / --unwind but just ignores the
option. This was previously undocumented, which could be confusing for
someone encountering `readelf -u` (in a script or GNU readelf example).
Reported by: markj (in D32003)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
This version incorporates many fixes in particular a fix for vi -w
Another approach was proposed to merge those fixes (see review), I find
it easier to track changes if we keep importing snapshot on regular
basis
vi(1): Add URL to the vi/ex reference manual in the man page
Reported in PR 241985
The manual page references the "vi/ex reference manual" but there is no
information about where to find that document. Add a reference to the manual in
the SEE ALSO section since the Project hosts a copy of it[1].
Change sent upstream[2]
If D26158 gets reviewed and committed, we could close that PR.
Alex Richardson [Mon, 21 Sep 2020 09:03:42 +0000 (09:03 +0000)]
Fix vi build on Linux/macOS
This absolute include causes a build failure on Linux for me:
.../cheri/freebsd/contrib/nvi/cl/../common/common.h:10:10: fatal error: '/usr/include/db.h' file not found
This change patches the file to use #include <db.h> instead until a
solution has been found upstream. See also https://github.com/lichray/nvi2/issues/69
Main changes:
* Vim-style expandtab option
* Provides Turkish translation
* Backspace now deletes \ rather than being escaped
* T during motion commands is now VI-compatible
* Encoding related fixes, such as UTF-8 detection
* Fixed a number of memory management issues
ixl(4): Fix 2.5 and 5G speeds reporting and update shared code
Fix 2.5 and 5G speeds reporting and update shared code with recent
changes:
- Update expected FW API versions for X710 and X722 adapters
- Define pointers related to Preservation Rules Module
- Add definitions for Shadow RAM pointers to new modules: 5th and 6th
FPA, and Preservation Rules Module.
- Add I40E_RX_PTYPE_PARSER_ABORTED definition, so the driver will know
opcode for parser aborted packets.
- Add the new filter types needed for custom cloud filters.
- Add support for Minimum Rollback Revision
- Fix RX_ONLY mode for unicast promiscuous on VLAN
- Add EEE LPI status check for X722 adapters
- Fix PHY type identifiers for 2.5G and 5G adapters
- Fix update link data for X722
- Increase the timeout value for PF reset to give PF more time to finish
reset if it is loaded with filters.
- Added support for Min Rollback Revision for 4 more X722 modules
- Fix reporting of Active Optical Cable media type
- Add flags and fields for double VLAN processing
- Fix potentially uninitialized variables in NVM code
When link_active_on_if_down flag is disabled and link is brought down
with ifconfig, FW reports a false positive link event about an
unqualified transceiver. The condition used in the driver to filter out
those false positive events was incorrect and caused that unqualified
module event to also not be reported when the event was valid.
Change the condition to rely on IFF_UP flag instead of
link_active_on_if_down and bump driver version to 2.3.1-k.
ixl(4): Add tunable to override Flow Control settings
Add flow_control to hw.ixl tunables tree to let override
initial flow control configuration for all interfaces.
Keep using configuration set by NVM by default.
Eric Joyner [Tue, 23 Feb 2021 01:45:09 +0000 (17:45 -0800)]
ice(4): Update to version 0.28.1-k
This updates the driver to align with the version included in
the "Intel Ethernet Adapter Complete Driver Pack", version 25.6.
There are no major functional changes; this mostly contains
bug fixes and changes to prepare for new features. This version
of the driver uses the previously committed ice_ddp package
1.3.19.0.
ix(4): Report RX errors as sum of all RX error counters
HW keeps track of RX errors using several counters, each for
specific type of errors. Report RX errors to OS as sum
of all those counters: CRC errors, illegal bytes, checksum,
length, undersize, fragment, oversize and jabber errors.
Also, add new "rx_errs" sysctl in the dev.ix.N.mac_stats tree. This is
to provide an another way to display the sum of RX errors.
ixl(4): Report RX errors as sum of all RX error counters
HW keeps track of RX errors using several counters, each for
specific type of errors. Report RX errors to OS as sum
of all those counters: CRC errors, illegal bytes, checksum,
length, undersize, fragment, oversize and jabber errors.
There is no HW counter for frames with invalid L3/L4 checksums
so add a SW one.
Also add a "rx_errors" sysctl with a copy of netstat IERRORS
counter value to make it easier accessible from scripts.
ixl(4): Add ability to control link state on ifconfig down
Add sysctl link_active_on_if_down, which allows user to control
if interface is kept in active state when it is brought
down with ifconfig. Set it to enabled by default to preserve
backwards compatibility.
When I did some bus_dma cleanup in r320528, I brought forward some sketchy
WITNESS checks from the prior x86 busdma wrappers, instead of recognizing
them as technical debt and just dropping them. Two of these were removed in
r346351 and r346851, but one remains in bounce_bus_dmamem_alloc(). This check
could be constrained to only apply in the BUS_DMA_NOWAIT case, but it's cleaner
to simply remove it and rely on the checks already present in the sleepable
allocation paths used by this function.
While here, remove another unnecessary witness check in bus_dma_tag_create
(the tag is always allocated with M_NOWAIT), and fix a couple of typos.
Reported by: cem
Reviewed by: kib, cem
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25107
Ed Maste [Sun, 12 Sep 2021 16:45:50 +0000 (12:45 -0400)]
bsd.lib.mk: add conditions for building _pie.a archives
As with other .a targets, build _pie.a archives only if LIB is set.
At present we build _pie.a only for INTERNALLIBs, and none of them
include bsd.lib.mk without setting LIB. However, we might want to build
_pie.a for non-INTERNALLIBs in the future.
Reviewed by: arichardson
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31920
Dimitry Andric [Thu, 26 Aug 2021 15:36:03 +0000 (17:36 +0200)]
Add -Wno-error=unused-but-set-variable when building with Clang 13+
This warning triggers many times while building world. Downgrade it to a
warning until all occurrences have been fixed. Once the Clang warnings
have been fixed we should be able to turn it on for GCC as well. See
also f4fed768bba45a406f73ed1491d7e52fd1a8711d which did the same for the
kernel builds.
tag2name() returns a uint16_t, so we don't need to use uint32_t for the
qid (or pqid). This reduces the size of struct pf_kstate slightly. That
in turn buys us space to add extra fields for dummynet later.
Happily these fields are not exposed to user space (there are user space
versions of them, but they can just stay uint32_t), so there's no ABI
breakage in modifying this.
When we're synproxy-ing a connection that's going to us (as opposed to a
forwarded one) we wound up trying to send out the pf-generated tcp
packets through pf_intr(), which called ip(6)_output(). That doesn't
work all that well for packets that are destined for us, so in that case
we must call ip(6)_input() instead.
Alexander Motin [Wed, 18 Aug 2021 21:11:03 +0000 (17:11 -0400)]
geli(8): Do not report error on resize to the same size.
Just validate the old metadata and exit. Originally the check was
added to not thash the only copy of metadata, but we can achieve the
same just by skipping the writing/trashing. The metadata validation
should protect user from wrongly specifying new size instead of old.
Mark Johnston [Tue, 30 Jun 2020 15:56:54 +0000 (15:56 +0000)]
Remove CRYPTO_TIMING.
It was added a very long time ago. It is single-threaded, so only
really useful for basic measurements, and in the meantime we've gotten
some more sophisticated profiling tools.
Alexander Motin [Thu, 2 Sep 2021 22:11:58 +0000 (18:11 -0400)]
bnxt(4): Fix bugs in WOL support.
Before this change driver reported IFCAP_WOL_MAGIC enabled, but not
supported. It caused errors on some SIOCSIFCAP calls. Instead
report the support if hardware supports WOL, and enabled status if
it has such filter installed on boot.
Also bnxt_wol_config() should check WOL status in if_getcapenable(),
not in if_getcapabilities() to get current one.
Because lld 13 and higher default to garbage collecting start/stop
symbols when using --gc-sections, the linker sets used in the i386 boot
loaders will disappear. This leads to the loaders not recognizing any
commands, and failure to boot.
Until we have a good set of linker scripts for the loaders, work around
it by disabling the start-stop-gc feature.
Ed Maste [Tue, 31 Aug 2021 19:30:50 +0000 (15:30 -0400)]
openssh: simplify login class restrictions
Login class-based restrictions were introduced in 5b400a39b8ad. The
code was adapted for sshd's Capsicum sandbox and received many changes
over time, including at least fc3c19a9fcee, bd393de91cc3, and e8c56fba2926.
During an attempt to upstream the work a much simpler approach was
suggested. Adopt it now in the in-tree OpenSSH to reduce conflicts with
future updates.
Test prioritisation and dummynet queues.
We need to give the pipe sufficient bandwidth for dummynet to work.
Given that we can't rely on the TCP connection failing alltogether, but
we can measure the effect of dummynet by imposing a time limit on a
larger data transfer.
If TCP is prioritised it'll get most of the pipe bandwidth and easily
manage to transfer the data in 3 seconds or less. When not prioritised
this will not succeed.
Kristof Provost [Fri, 21 May 2021 09:14:34 +0000 (11:14 +0200)]
netpfil tests: Basic dummynet pipe test
Test dummynet pipes (i.e. bandwidth limitation) with ipfw. This is put
in the common tests because we hope to add dummynet support to pf in the
near future.
Kristof Provost [Tue, 20 Aug 2019 14:31:22 +0000 (14:31 +0000)]
netpfil tests: Add the set ToS test for ipfw and pf
This test tests the following:
- The firewall is able to set the tos bits
- The firewall is able to set the DSCP bits when EN bits is already set and
the EN bits remains unchanged.
- The firewall is able to drop the packets based on ToS value
Tom Jones [Mon, 5 Aug 2019 11:47:34 +0000 (11:47 +0000)]
Add common firewall test suite
Add a common test suite for the firewalls included in the base system. The test
suite allows common test infrastructure to test pf, ipfw and ipf firewalls from
test files containing the setup for all three firewalls.
Add the pass block test for pf, ipfw and ipf. The pass block test checks the
allow/deny functionality of the firewalls tested.
Kristof Provost [Tue, 25 May 2021 14:54:32 +0000 (16:54 +0200)]
ipfw: Introduce dnctl
Introduce a link to the ipfw command, dnctl, for dummynet configuration.
dnctl only handles dummynet configuration, and is part of the effort to
support dummynet in pf.
/sbin/ipfw continues to accept pipe, queue and sched commands, but these can
now also be issued via the new dnctl command.
Guinan Sun [Thu, 9 Jul 2020 08:00:33 +0000 (08:00 +0000)]
ixgbe: cleanup spelling mistakes in comments
Several functions in the driver code have a weird function comment
formatting which uses two spaces instead of only one space for the main
function body.
This formatting will be mechanically fixed by sed in a future patch, but
doing so leads to some spelling warnings on that patch. Cleanup the
spelling mistakes that will be detected first. This way, it is easier to
verify the mechanical transformation done by sed in the following patch.
Guinan Sun [Thu, 9 Jul 2020 08:00:35 +0000 (08:00 +0000)]
ixgbe: move increments after evaluations
The retry variable was being incremented before it was evaluated by the
subsequent conditional against the maximum retries to figure out which
message to print. So we'll move the increment op to the end.
Xiaoyun Li [Mon, 17 Sep 2018 09:28:12 +0000 (17:28 +0800)]
ixgbe: update X550 SFP identification
Use ixgbe_identify_sfp_module_X550em to update SFP identification
flow. ixgbe_identify_sfp_module_X550em includes specific checks for
X550 about supported SFP modules.
Ashijeet Acharya [Fri, 24 May 2019 09:30:15 +0000 (11:30 +0200)]
ixgbe: wait for link after copper MAC setup
After setting up the link on x552/X557-AT 10GBASE-T NICs, sometimes the
link does not get set up properly and as a result all the subsequent
calls to ixgbe_check_link() from ixgbe_dev_link_update_share() fail.
Introduce a delay time of 1s in ixgbe_setup_mac_link_t_X550em() before
beginning to set up the external PHY link speed to ensure that the
controller can acquire the link.
Guinan Sun [Thu, 9 Jul 2020 08:00:40 +0000 (08:00 +0000)]
ixgbe: initialize data field in struct buffer
While sending request using ixgbe_hic_unlocked() the data field in
buffer struct is not used. It is set when the struct is overwritten by
FW to deliver the response. To not pass random data to FW the whole
structure should be zeroed before use.
Signed-off-by: Krzysztof Galazka <krzysztof.galazka@intel.com> Signed-off-by: Piotr Pietruszewski <piotr.pietruszewski@intel.com> Signed-off-by: Guinan Sun <guinanx.sun@intel.com> Reviewed-by: Wei Zhao <wei.zhao1@intel.com>
Approved by: imp
Obtained from: DPDK (40543be5376ca415b2a7e196315d0555725b8bdf)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31621
Guinan Sun [Thu, 9 Jul 2020 08:00:30 +0000 (08:00 +0000)]
ixgbe: fix x550em 10G NIC link status
With the NVM image for x550em XFI will not report
the auto-negotiation feature correctly. The auto-negotiation
should be "No" for supports and advertised items.
At the same time update speed makes it support 1G and 10G.